Re: Record level security -- RPG400-L

I had another thought -- as of (I think) V5R1 there's a READ trigger, but
unfortunately it's only allowed AFTER the read has occurred. Even if
allowed, you'd still have the problem of determining who's requesting the
data.

Afaik you're right about the DDM files. With ODBC, I the server job swaps to
the user profile it's currently servicing, but it still uses QUSER when
obtaining the object lock.  Maybe a couple of exit programs?

hth,
Peter Dow
Dow Software Services, Inc.
909 425-0194 voice
909 425-0196 fax



----- Original Message -----
From: "Bartell, Aaron L. (TC)" <ALBartell@taylorcorp.com>
To: <rpg400-l@midrange.com>
Sent: Tuesday, October 30, 2001 3:44 PM
Subject: RE: Record level security


> Here is my problem with that though.  These 40 companies are going to be
> accessing the files via DDM and ODBC connections.  DDM over SNA user QUSER
> as the profile so how could I limit who has access to what?  I believe
ODBC
> connections would be doing the same thing, using QUSER as the profile once
> the program accessing the file has signed on.
>
> Let me know if I am wrong about this,
> Aaron Bartell
>
> -----Original Message-----
> From: Peter Dow [mailto:pcdow@yahoo.com]
> Sent: Tuesday, October 30, 2001 5:22 PM
> To: rpg400-l@midrange.com
> Subject: Re: Record level security
>
>
> Hi Aaron,
>
> My solution is more of a Midrange-L topic -- create 40 logical files (one
> for each company) with select criteria to limit the records to each
company,
> then restrict access to the physical and the logicals.
>
> hth,
> Peter Dow
> Dow Software Services, Inc.
> 909 425-0194 voice
> 909 425-0196 fax
>
> From: "Bartell, Aaron L. (TC)" <ALBartell@taylorcorp.com>
> To: <rpg400-l@midrange.com>; <ign_list@ignite400.org>
> Sent: Tuesday, October 30, 2001 2:21 PM
> Subject: Record level security
>
>
> > Hi All,
> >
> > My company has a corporate AS/400 that stores orders that we pass back
and
> > forth between about 40 different companies.  The orders have sensitive
> info
> > like credit card numbers and such that shouldn't be viewed by all of the
> 40
> > companies.  In this scenario each of the 40 companies has their own IT
> staff
> > that writes query tools to view the data on the corporate machine.  Is
> there
> > a way for me to restrict access so they can only see orders they are
> allowed
> > to see at a system level? (i.e. They can only see orders where they are
> the
> > sender or receiver)
>
>
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
>
> _______________________________________________
> This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing list
> To post a message email: RPG400-L@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/cgi-bin/listinfo/rpg400-l
> or email: RPG400-L-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/rpg400-l.
> _______________________________________________
> This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing list
> To post a message email: RPG400-L@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/cgi-bin/listinfo/rpg400-l
> or email: RPG400-L-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/rpg400-l.


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com